@lucern/sdk 0.3.0-alpha.11 → 0.3.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (102) hide show
  1. package/README.md +51 -0
  2. package/dist/accessControl.d.ts +1 -0
  3. package/dist/accessControl.js +156 -22
  4. package/dist/accessControl.js.map +1 -1
  5. package/dist/adminClient.js.map +1 -1
  6. package/dist/answersClient.js.map +1 -1
  7. package/dist/audiencesClient.js.map +1 -1
  8. package/dist/auditClient.js.map +1 -1
  9. package/dist/authContext.d.ts +1 -1
  10. package/dist/authContext.js.map +1 -1
  11. package/dist/beliefs/index.d.ts +1 -0
  12. package/dist/beliefs/index.js +206 -40
  13. package/dist/beliefs/index.js.map +1 -1
  14. package/dist/beliefsClient.js.map +1 -1
  15. package/dist/client.d.ts +79 -31
  16. package/dist/client.js +206 -40
  17. package/dist/client.js.map +1 -1
  18. package/dist/contextClient.js.map +1 -1
  19. package/dist/contracts/auth-session.contract.d.ts +1 -1
  20. package/dist/contracts/auth-session.contract.js +13 -1
  21. package/dist/contracts/auth-session.contract.js.map +1 -1
  22. package/dist/contracts/index.js +13 -1
  23. package/dist/contracts/index.js.map +1 -1
  24. package/dist/contradictions/index.d.ts +1 -0
  25. package/dist/contradictions/index.js +206 -40
  26. package/dist/contradictions/index.js.map +1 -1
  27. package/dist/control-plane.d.ts +69 -0
  28. package/dist/control-plane.js +656 -0
  29. package/dist/control-plane.js.map +1 -0
  30. package/dist/coreClient.js.map +1 -1
  31. package/dist/decisions/index.d.ts +1 -0
  32. package/dist/decisions/index.js +206 -40
  33. package/dist/decisions/index.js.map +1 -1
  34. package/dist/decisionsClient.js.map +1 -1
  35. package/dist/edges/index.d.ts +1 -0
  36. package/dist/edges/index.js +206 -40
  37. package/dist/edges/index.js.map +1 -1
  38. package/dist/embeddingsClient.js.map +1 -1
  39. package/dist/eventingClient.js.map +1 -1
  40. package/dist/eventsCore.js.map +1 -1
  41. package/dist/evidence/index.d.ts +1 -0
  42. package/dist/evidence/index.js +206 -40
  43. package/dist/evidence/index.js.map +1 -1
  44. package/dist/evidenceClient.js.map +1 -1
  45. package/dist/functionSurface.d.ts +2 -1
  46. package/dist/functionSurface.js +5 -0
  47. package/dist/functionSurface.js.map +1 -1
  48. package/dist/functionSurfaceClient.js +5 -0
  49. package/dist/functionSurfaceClient.js.map +1 -1
  50. package/dist/gatewayFacades.d.ts +26 -2
  51. package/dist/gatewayFacades.js +135 -7
  52. package/dist/gatewayFacades.js.map +1 -1
  53. package/dist/graphAnalysisClient.js.map +1 -1
  54. package/dist/graphClient.js.map +1 -1
  55. package/dist/graphRecommendationsClient.js.map +1 -1
  56. package/dist/graphStateClassifierClient.js.map +1 -1
  57. package/dist/harnessClient.js.map +1 -1
  58. package/dist/identityClient.d.ts +19 -1
  59. package/dist/identityClient.js +133 -5
  60. package/dist/identityClient.js.map +1 -1
  61. package/dist/index.d.ts +1 -0
  62. package/dist/index.js +232 -49
  63. package/dist/index.js.map +1 -1
  64. package/dist/jobsClient.js.map +1 -1
  65. package/dist/learningClient.js.map +1 -1
  66. package/dist/lenses/index.d.ts +1 -0
  67. package/dist/lenses/index.js +206 -40
  68. package/dist/lenses/index.js.map +1 -1
  69. package/dist/mcpClient.js.map +1 -1
  70. package/dist/modelRuntimeClient.js.map +1 -1
  71. package/dist/nodes/index.d.ts +1 -0
  72. package/dist/nodes/index.js +206 -40
  73. package/dist/nodes/index.js.map +1 -1
  74. package/dist/ontologies/index.d.ts +1 -0
  75. package/dist/ontologies/index.js +206 -40
  76. package/dist/ontologies/index.js.map +1 -1
  77. package/dist/ontologyClient.js.map +1 -1
  78. package/dist/ontologyLinksClient.js.map +1 -1
  79. package/dist/orgGraphSearchClient.js.map +1 -1
  80. package/dist/packsClient.js.map +1 -1
  81. package/dist/policyClient.js.map +1 -1
  82. package/dist/questions/index.d.ts +1 -0
  83. package/dist/questions/index.js +206 -40
  84. package/dist/questions/index.js.map +1 -1
  85. package/dist/reportsClient.js.map +1 -1
  86. package/dist/schemaClient.js.map +1 -1
  87. package/dist/sourcesClient.js.map +1 -1
  88. package/dist/telemetryClient.js.map +1 -1
  89. package/dist/toolRegistryClient.js.map +1 -1
  90. package/dist/topics/index.d.ts +1 -0
  91. package/dist/topics/index.js +206 -40
  92. package/dist/topics/index.js.map +1 -1
  93. package/dist/topicsClient.js.map +1 -1
  94. package/dist/types.d.ts +12 -0
  95. package/dist/version.d.ts +1 -1
  96. package/dist/version.js +1 -1
  97. package/dist/version.js.map +1 -1
  98. package/dist/workflowClient.js.map +1 -1
  99. package/dist/worktrees/index.d.ts +1 -0
  100. package/dist/worktrees/index.js +206 -40
  101. package/dist/worktrees/index.js.map +1 -1
  102. package/package.json +9 -5
package/dist/client.js CHANGED
@@ -32,14 +32,14 @@ function requireString(value, reason, label) {
32
32
  }
33
33
  return normalized;
34
34
  }
35
- function requirePrincipalType(principalType) {
36
- if (!principalType) {
35
+ function requirePrincipalType(principalType2) {
36
+ if (!principalType2) {
37
37
  throw new LucernSdkAuthContextError(
38
38
  "principal_missing",
39
39
  "Canonical Lucern SDK auth context is missing principalType."
40
40
  );
41
41
  }
42
- return principalType;
42
+ return principalType2;
43
43
  }
44
44
  function requireAuthMode(authMode) {
45
45
  if (!authMode) {
@@ -85,7 +85,7 @@ function normalizeCanonicalLucernAuthContext(input) {
85
85
  );
86
86
  const roles = cleanStringList(input.roles);
87
87
  const scopes = cleanStringList(input.scopes);
88
- const principalType = requirePrincipalType(input.principalType);
88
+ const principalType2 = requirePrincipalType(input.principalType);
89
89
  const authMode = requireAuthMode(input.authMode);
90
90
  const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
91
91
  if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
@@ -114,7 +114,7 @@ function normalizeCanonicalLucernAuthContext(input) {
114
114
  principalId,
115
115
  tenantId,
116
116
  workspaceId,
117
- principalType,
117
+ principalType: principalType2,
118
118
  authMode,
119
119
  roles,
120
120
  scopes,
@@ -1103,6 +1103,128 @@ function listResultFromEnvelope(data, legacyKey) {
1103
1103
  );
1104
1104
  }
1105
1105
 
1106
+ // src/control-plane.ts
1107
+ var LucernControlPlaneIdentityError = class extends Error {
1108
+ reason;
1109
+ principalStatus;
1110
+ tenantStatus;
1111
+ workspaceStatus;
1112
+ details;
1113
+ constructor(failure) {
1114
+ super(failure.message);
1115
+ this.name = "LucernControlPlaneIdentityError";
1116
+ this.reason = failure.reason;
1117
+ this.principalStatus = failure.principalStatus;
1118
+ this.tenantStatus = failure.tenantStatus;
1119
+ this.workspaceStatus = failure.workspaceStatus;
1120
+ this.details = failure.details;
1121
+ }
1122
+ };
1123
+ function cleanString3(value) {
1124
+ return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
1125
+ }
1126
+ function stringList(value) {
1127
+ if (!Array.isArray(value)) {
1128
+ return [];
1129
+ }
1130
+ return [
1131
+ ...new Set(
1132
+ value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
1133
+ )
1134
+ ];
1135
+ }
1136
+ function principalType(value) {
1137
+ switch (value) {
1138
+ case "service":
1139
+ case "service_principal":
1140
+ return "service";
1141
+ case "agent":
1142
+ return "agent";
1143
+ case "group":
1144
+ return "group";
1145
+ case "external_viewer":
1146
+ case "external_stakeholder":
1147
+ return "external_viewer";
1148
+ default:
1149
+ return "human";
1150
+ }
1151
+ }
1152
+ function adminFlags(roles) {
1153
+ const normalized = roles.map((role) => role.toLowerCase());
1154
+ const isPlatformAdmin = normalized.includes("platform_admin");
1155
+ const isTenantAdmin = isPlatformAdmin || normalized.includes("tenant_admin");
1156
+ const isWorkspaceAdmin = isTenantAdmin || normalized.includes("workspace_admin") || normalized.includes("workspace_owner");
1157
+ return { isPlatformAdmin, isTenantAdmin, isWorkspaceAdmin };
1158
+ }
1159
+ function normalizeResolvedInteractivePrincipal(payload) {
1160
+ if ("ok" in payload && payload.ok === false) {
1161
+ throw new LucernControlPlaneIdentityError(payload);
1162
+ }
1163
+ const principalId = cleanString3(payload.principalId);
1164
+ const clerkId = cleanString3(payload.clerkId);
1165
+ const tenantId = cleanString3(payload.tenantId);
1166
+ if (!principalId || !clerkId || !tenantId) {
1167
+ throw new LucernControlPlaneIdentityError({
1168
+ ok: false,
1169
+ reason: "resolver_unavailable",
1170
+ message: "Control-plane principal resolver returned an incomplete principal context.",
1171
+ principalStatus: payload.principalStatus ?? "missing",
1172
+ tenantStatus: payload.tenantStatus,
1173
+ workspaceStatus: payload.workspaceStatus
1174
+ });
1175
+ }
1176
+ const roles = stringList(payload.roles);
1177
+ const scopes = stringList(payload.scopes);
1178
+ const workspaceId = cleanString3(payload.workspaceId) ?? null;
1179
+ const flags = adminFlags(roles);
1180
+ return {
1181
+ principalId,
1182
+ principalType: principalType(payload.principalType),
1183
+ clerkId,
1184
+ tenantId,
1185
+ workspaceId,
1186
+ roles,
1187
+ scopes,
1188
+ groupIds: stringList(payload.groupIds),
1189
+ permittedToolNames: stringList(payload.permittedToolNames),
1190
+ permittedPackKeys: stringList(payload.permittedPackKeys),
1191
+ principalStatus: cleanString3(payload.principalStatus) ?? "active",
1192
+ tenantStatus: cleanString3(payload.tenantStatus) ?? "active",
1193
+ workspaceStatus: cleanString3(payload.workspaceStatus) ?? (workspaceId ? "active" : "none"),
1194
+ isPlatformAdmin: typeof payload.isPlatformAdmin === "boolean" ? payload.isPlatformAdmin : flags.isPlatformAdmin,
1195
+ isTenantAdmin: typeof payload.isTenantAdmin === "boolean" ? payload.isTenantAdmin : flags.isTenantAdmin,
1196
+ isWorkspaceAdmin: typeof payload.isWorkspaceAdmin === "boolean" ? payload.isWorkspaceAdmin : flags.isWorkspaceAdmin,
1197
+ permit: {
1198
+ subject: cleanString3(payload.permit?.subject) ?? principalId,
1199
+ tenant: cleanString3(payload.permit?.tenant) ?? tenantId,
1200
+ ...workspaceId ? { workspace: cleanString3(payload.permit?.workspace) ?? workspaceId } : {}
1201
+ },
1202
+ authMode: "interactive_user",
1203
+ sessionId: payload.sessionId,
1204
+ delegatedBy: payload.delegatedBy,
1205
+ expiresAt: payload.expiresAt
1206
+ };
1207
+ }
1208
+ function createControlPlaneIdentityClient(config = {}) {
1209
+ const gateway = createGatewayRequestClient(config);
1210
+ return {
1211
+ async resolveInteractivePrincipal(input) {
1212
+ return gateway.request({
1213
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1214
+ method: "POST",
1215
+ body: input
1216
+ }).then(
1217
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1218
+ );
1219
+ }
1220
+ };
1221
+ }
1222
+ function createControlPlaneClient(config = {}) {
1223
+ return {
1224
+ identity: createControlPlaneIdentityClient(config)
1225
+ };
1226
+ }
1227
+
1106
1228
  // src/identityClient.ts
1107
1229
  function createIdentityWhoamiClient(config = {}) {
1108
1230
  const gateway = createGatewayRequestClient(config);
@@ -1170,13 +1292,25 @@ function createIdentityClient(config = {}) {
1170
1292
  (response) => mapGatewayData(response, (data) => ({
1171
1293
  principalId: data.principalId,
1172
1294
  principalType: data.principalType,
1295
+ clerkId: data.clerkId,
1173
1296
  tenantId: data.tenantId ?? null,
1174
1297
  workspaceId: data.workspaceId ?? null,
1175
1298
  scopes: Array.isArray(data.scopes) ? data.scopes : [],
1176
1299
  roles: Array.isArray(data.roles) ? data.roles : [],
1300
+ groupIds: Array.isArray(data.groupIds) ? data.groupIds : [],
1301
+ permittedToolNames: Array.isArray(data.permittedToolNames) ? data.permittedToolNames : [],
1302
+ permittedPackKeys: Array.isArray(data.permittedPackKeys) ? data.permittedPackKeys : [],
1303
+ principalStatus: data.principalStatus,
1304
+ tenantStatus: data.tenantStatus,
1305
+ workspaceStatus: data.workspaceStatus,
1177
1306
  isPlatformAdmin: data.isPlatformAdmin === true,
1178
1307
  isTenantAdmin: data.isTenantAdmin === true,
1179
1308
  isWorkspaceAdmin: data.isWorkspaceAdmin === true,
1309
+ permit: data.permit ?? (data.tenantId ? {
1310
+ subject: data.principalId,
1311
+ tenant: data.tenantId,
1312
+ ...data.workspaceId ? { workspace: data.workspaceId } : {}
1313
+ } : void 0),
1180
1314
  authMode: data.authMode,
1181
1315
  sessionId: data.sessionId,
1182
1316
  delegatedBy: data.delegatedBy,
@@ -1184,6 +1318,19 @@ function createIdentityClient(config = {}) {
1184
1318
  }))
1185
1319
  );
1186
1320
  },
1321
+ /**
1322
+ * Resolve a Clerk subject through the tenant control-plane Permit projection.
1323
+ * @deprecated Prefer lucern.controlPlane.identity.resolveInteractivePrincipal().
1324
+ */
1325
+ async resolveInteractivePrincipal(input) {
1326
+ return gateway.request({
1327
+ path: "/api/platform/v1/control-plane/identity/resolve-interactive-principal",
1328
+ method: "POST",
1329
+ body: input
1330
+ }).then(
1331
+ (response) => mapGatewayData(response, normalizeResolvedInteractivePrincipal)
1332
+ );
1333
+ },
1187
1334
  /**
1188
1335
  * List principals in the current identity scope.
1189
1336
  */
@@ -1380,7 +1527,7 @@ var LucernAccessControlError = class extends LucernSdkAuthContextError {
1380
1527
  this.policyDecision = policyDecision;
1381
1528
  }
1382
1529
  };
1383
- function cleanString3(value) {
1530
+ function cleanString4(value) {
1384
1531
  const normalized = value?.trim();
1385
1532
  return normalized ? normalized : void 0;
1386
1533
  }
@@ -1395,7 +1542,7 @@ function cleanStringList2(values) {
1395
1542
  ];
1396
1543
  }
1397
1544
  function requireString2(value, reason, label) {
1398
- const normalized = cleanString3(value);
1545
+ const normalized = cleanString4(value);
1399
1546
  if (!normalized) {
1400
1547
  throw new LucernAccessControlError(
1401
1548
  reason,
@@ -1404,13 +1551,19 @@ function requireString2(value, reason, label) {
1404
1551
  }
1405
1552
  return normalized;
1406
1553
  }
1407
- function normalizePrincipalType(principalType) {
1408
- if (principalType === "agent") {
1554
+ function normalizePrincipalType(principalType2) {
1555
+ if (principalType2 === "agent") {
1409
1556
  return "agent";
1410
1557
  }
1411
- if (principalType === "service") {
1558
+ if (principalType2 === "service") {
1412
1559
  return "service";
1413
1560
  }
1561
+ if (principalType2 === "group") {
1562
+ return "group";
1563
+ }
1564
+ if (principalType2 === "external_viewer") {
1565
+ return "external_viewer";
1566
+ }
1414
1567
  return "human";
1415
1568
  }
1416
1569
  function aliasKey(alias) {
@@ -1419,15 +1572,15 @@ function aliasKey(alias) {
1419
1572
  function normalizeAliases(input, canonicalClerkUserId) {
1420
1573
  const aliases = /* @__PURE__ */ new Map();
1421
1574
  for (const alias of input ?? []) {
1422
- const externalSubjectId = cleanString3(alias.externalSubjectId);
1575
+ const externalSubjectId = cleanString4(alias.externalSubjectId);
1423
1576
  if (!externalSubjectId) {
1424
1577
  continue;
1425
1578
  }
1426
1579
  const normalized = {
1427
- provider: cleanString3(alias.provider) ?? "clerk",
1428
- providerProjectId: cleanString3(alias.providerProjectId),
1580
+ provider: cleanString4(alias.provider) ?? "clerk",
1581
+ providerProjectId: cleanString4(alias.providerProjectId),
1429
1582
  externalSubjectId,
1430
- status: cleanString3(alias.status)
1583
+ status: cleanString4(alias.status)
1431
1584
  };
1432
1585
  aliases.set(aliasKey(normalized), normalized);
1433
1586
  }
@@ -1472,10 +1625,10 @@ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1472
1625
  "principal_missing",
1473
1626
  "principalId"
1474
1627
  );
1475
- const principalType = normalizePrincipalType(principalInput.principalType);
1476
- const observedClerkId = cleanString3(options.observedClerkId);
1477
- const canonicalClerkUserId = cleanString3(principalInput.canonicalClerkUserId) ?? cleanString3(principalInput.clerkId);
1478
- if (principalType === "human" && !canonicalClerkUserId) {
1628
+ const principalType2 = normalizePrincipalType(principalInput.principalType);
1629
+ const observedClerkId = cleanString4(options.observedClerkId);
1630
+ const canonicalClerkUserId = cleanString4(principalInput.canonicalClerkUserId) ?? cleanString4(principalInput.clerkId);
1631
+ if (principalType2 === "human" && !canonicalClerkUserId) {
1479
1632
  throw new LucernAccessControlError(
1480
1633
  "clerk_alias_missing",
1481
1634
  "Human principals require one canonical Clerk user id."
@@ -1497,11 +1650,11 @@ function normalizeCanonicalPrincipalIdentity(input, options = {}) {
1497
1650
  }
1498
1651
  return {
1499
1652
  principalId,
1500
- principalType,
1653
+ principalType: principalType2,
1501
1654
  canonicalClerkUserId,
1502
1655
  clerkIdentityAliases: aliases,
1503
- tenantId: cleanString3(principalInput.tenantId),
1504
- workspaceId: cleanString3(principalInput.workspaceId),
1656
+ tenantId: cleanString4(principalInput.tenantId),
1657
+ workspaceId: cleanString4(principalInput.workspaceId),
1505
1658
  roles: cleanStringList2(principalInput.roles),
1506
1659
  scopes: cleanStringList2(principalInput.scopes)
1507
1660
  };
@@ -1526,7 +1679,7 @@ function buildPolicyInput(identity, input) {
1526
1679
  "tenant_missing",
1527
1680
  "tenantId"
1528
1681
  );
1529
- const workspaceId = cleanString3(input.workspaceId ?? identity.workspaceId);
1682
+ const workspaceId = cleanString4(input.workspaceId ?? identity.workspaceId);
1530
1683
  if (resourceRequiresWorkspace(input.resource) && !workspaceId) {
1531
1684
  throw new LucernAccessControlError(
1532
1685
  "workspace_missing",
@@ -2926,12 +3079,12 @@ function createGraphClient(config = {}) {
2926
3079
  }
2927
3080
 
2928
3081
  // src/topicsClient.ts
2929
- function cleanString4(value) {
3082
+ function cleanString5(value) {
2930
3083
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
2931
3084
  }
2932
3085
  function normalizeTopicRecord(value) {
2933
3086
  const record = asRecord(value);
2934
- const topicId = cleanString4(record.topicId) ?? cleanString4(record.id) ?? cleanString4(record._id);
3087
+ const topicId = cleanString5(record.topicId) ?? cleanString5(record.id) ?? cleanString5(record._id);
2935
3088
  return withTopicAlias({
2936
3089
  ...record,
2937
3090
  ...topicId ? { topicId } : {}
@@ -4144,7 +4297,7 @@ function createEmbeddingsClient(config = {}) {
4144
4297
  }
4145
4298
 
4146
4299
  // src/contextClient.ts
4147
- function cleanString5(value) {
4300
+ function cleanString6(value) {
4148
4301
  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
4149
4302
  }
4150
4303
  function cleanNumber(value) {
@@ -4156,11 +4309,11 @@ function cleanBoolean(value) {
4156
4309
  function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4157
4310
  const effectiveInput = typeof topicIdOrInput === "string" ? input : topicIdOrInput;
4158
4311
  const payload = {};
4159
- const topicId = typeof topicIdOrInput === "string" ? cleanString5(topicIdOrInput) : cleanString5(effectiveInput.topicId);
4312
+ const topicId = typeof topicIdOrInput === "string" ? cleanString6(topicIdOrInput) : cleanString6(effectiveInput.topicId);
4160
4313
  if (topicId) {
4161
4314
  payload.topicId = topicId;
4162
4315
  }
4163
- const query5 = cleanString5(effectiveInput.query);
4316
+ const query5 = cleanString6(effectiveInput.query);
4164
4317
  if (query5) {
4165
4318
  payload.query = query5;
4166
4319
  }
@@ -4168,7 +4321,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4168
4321
  if (budget !== void 0) {
4169
4322
  payload.budget = budget;
4170
4323
  }
4171
- const ranking = cleanString5(effectiveInput.ranking) ?? cleanString5(effectiveInput.rankingProfile);
4324
+ const ranking = cleanString6(effectiveInput.ranking) ?? cleanString6(effectiveInput.rankingProfile);
4172
4325
  if (ranking) {
4173
4326
  payload.ranking = ranking;
4174
4327
  }
@@ -4184,7 +4337,7 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4184
4337
  if (includeEntities !== void 0) {
4185
4338
  payload.includeEntities = includeEntities;
4186
4339
  }
4187
- const mode = cleanString5(effectiveInput.mode);
4340
+ const mode = cleanString6(effectiveInput.mode);
4188
4341
  if (mode) {
4189
4342
  payload.mode = mode;
4190
4343
  }
@@ -4192,11 +4345,11 @@ function buildCompileContextRequest(topicIdOrInput = {}, input = {}) {
4192
4345
  if (includeFailures !== void 0) {
4193
4346
  payload.includeFailures = includeFailures;
4194
4347
  }
4195
- const worktreeId = cleanString5(effectiveInput.worktreeId);
4348
+ const worktreeId = cleanString6(effectiveInput.worktreeId);
4196
4349
  if (worktreeId) {
4197
4350
  payload.worktreeId = worktreeId;
4198
4351
  }
4199
- const sessionId = cleanString5(effectiveInput.sessionId);
4352
+ const sessionId = cleanString6(effectiveInput.sessionId);
4200
4353
  if (sessionId) {
4201
4354
  payload.sessionId = sessionId;
4202
4355
  }
@@ -5273,6 +5426,7 @@ var CONTRACTS = {
5273
5426
  "remove_edges_between": { method: "DELETE", path: "/edges/between", kind: "mutation", idempotent: true, surfaceIntent: "mcp_analysis" },
5274
5427
  "remove_lens_from_topic": { method: "DELETE", path: "/lenses/apply", kind: "mutation", idempotent: true, surfaceIntent: "mcp_workflow" },
5275
5428
  "resolve_effective_ontology": { method: "POST", path: "/ontologies/effective", kind: "query", idempotent: false, surfaceIntent: "mcp_workflow" },
5429
+ "resolve_interactive_principal": { method: "POST", path: "/control-plane/identity/resolve-interactive-principal", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5276
5430
  "run_graph_intelligence_query": { method: "POST", path: "/graph-intelligence/run", kind: "query", idempotent: false, surfaceIntent: "mcp_analysis" },
5277
5431
  "search_beliefs": { method: "POST", path: "/beliefs/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
5278
5432
  "search_evidence": { method: "POST", path: "/evidence/search", kind: "query", idempotent: false, surfaceIntent: "mcp_core" },
@@ -5655,6 +5809,9 @@ function createFunctionSurfaceClient(config = {}) {
5655
5809
  resolveEffectiveOntology(input = {}, idempotencyKey) {
5656
5810
  return execute("resolve_effective_ontology", input, idempotencyKey);
5657
5811
  },
5812
+ resolveInteractivePrincipal(input = {}, idempotencyKey) {
5813
+ return execute("resolve_interactive_principal", input, idempotencyKey);
5814
+ },
5658
5815
  runGraphIntelligenceQuery(input = {}, idempotencyKey) {
5659
5816
  return execute("run_graph_intelligence_query", input, idempotencyKey);
5660
5817
  },
@@ -5915,7 +6072,7 @@ var ORG_GRAPH_SEARCH_FIELDS = [
5915
6072
  "cursor",
5916
6073
  "provenanceScope"
5917
6074
  ];
5918
- function cleanString6(value, label) {
6075
+ function cleanString7(value, label) {
5919
6076
  const normalized = value?.trim();
5920
6077
  if (!normalized) {
5921
6078
  throw new Error(`${label} is required`);
@@ -5937,9 +6094,9 @@ function searchBody(input) {
5937
6094
  "orgGraphSearch.search"
5938
6095
  );
5939
6096
  return {
5940
- tenantId: cleanString6(input.tenantId, "tenantId"),
5941
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
5942
- query: cleanString6(input.query, "query"),
6097
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6098
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
6099
+ query: cleanString7(input.query, "query"),
5943
6100
  nodeTypes: input.nodeTypes,
5944
6101
  minConfidence: input.minConfidence,
5945
6102
  limit: input.limit,
@@ -5949,8 +6106,8 @@ function searchBody(input) {
5949
6106
  }
5950
6107
  function listQuery2(input) {
5951
6108
  return {
5952
- tenantId: cleanString6(input.tenantId, "tenantId"),
5953
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
6109
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6110
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5954
6111
  nodeTypes: input.nodeTypes?.join(","),
5955
6112
  minConfidence: input.minConfidence,
5956
6113
  limit: input.limit,
@@ -5984,8 +6141,8 @@ function createOrgGraphSearchClient(config = {}) {
5984
6141
  return gateway.request({
5985
6142
  path: `/api/platform/v1/org-graph-search/nodes/${nodePath}${toQueryString(
5986
6143
  {
5987
- tenantId: cleanString6(input.tenantId, "tenantId"),
5988
- workspaceId: cleanString6(input.workspaceId, "workspaceId"),
6144
+ tenantId: cleanString7(input.tenantId, "tenantId"),
6145
+ workspaceId: cleanString7(input.workspaceId, "workspaceId"),
5989
6146
  globalId: nodeId ? void 0 : globalId
5990
6147
  }
5991
6148
  )}`
@@ -6950,7 +7107,7 @@ function createToolRegistryClient(config = {}) {
6950
7107
  }
6951
7108
 
6952
7109
  // src/version.ts
6953
- var LUCERN_SDK_VERSION = "0.3.0-alpha.11";
7110
+ var LUCERN_SDK_VERSION = "0.3.0-alpha.13";
6954
7111
 
6955
7112
  // src/workflowClient.ts
6956
7113
  function normalizeLensQuery(value) {
@@ -7427,6 +7584,7 @@ function createLucernClient(config = {}) {
7427
7584
  const ontologyLinksClient = createOntologyLinksClient(gatewayConfig);
7428
7585
  const orgGraphSearchClient = createOrgGraphSearchClient(gatewayConfig);
7429
7586
  const functionSurfaceClient = createFunctionSurfaceClient(gatewayConfig);
7587
+ const controlPlaneClient = createControlPlaneClient(gatewayConfig);
7430
7588
  const toolRegistryClient = createToolRegistryClient(gatewayConfig);
7431
7589
  const modelRuntimeClient = createModelRuntimeClient(gatewayConfig);
7432
7590
  const packsClient = createPacksClient(gatewayConfig);
@@ -9090,9 +9248,16 @@ function createLucernClient(config = {}) {
9090
9248
  disable: packsClient.disable
9091
9249
  },
9092
9250
  nodes: nodesNamespace,
9251
+ controlPlane: {
9252
+ identity: {
9253
+ resolveInteractivePrincipal: controlPlaneClient.identity.resolveInteractivePrincipal
9254
+ },
9255
+ raw: controlPlaneClient
9256
+ },
9093
9257
  identity: {
9094
9258
  ...identityFacade,
9095
9259
  access: accessControlClient,
9260
+ resolveInteractivePrincipal: identityClient.resolveInteractivePrincipal,
9096
9261
  evaluatePolicy: identityClient.evaluatePolicy,
9097
9262
  recordPolicyDecision: identityClient.recordPolicyDecision,
9098
9263
  putSecretReference: identityClient.putSecretReference,
@@ -9137,6 +9302,7 @@ function createLucernClient(config = {}) {
9137
9302
  ontologyLinks: ontologyLinksClient,
9138
9303
  orgGraphSearch: orgGraphSearchClient,
9139
9304
  functionSurface: functionSurfaceClient,
9305
+ controlPlane: controlPlaneClient,
9140
9306
  toolRegistry: toolRegistryClient,
9141
9307
  modelRuntime: modelRuntimeClient,
9142
9308
  packs: packsClient,